funsec mailing list archives

The FBI's iPhone Problem: Tactical vs. Strategic Thinking


From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 23 Feb 2016 05:48:30 -0500

http://www.technewsworld.com/story/83130.html

I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?

If they could put cameras in every home and business on the planet,
they'd find a way to do it. That would solve a lot of the tactical
challenges of being able to catch people who commit crimes. What gets
missed is that strategically, it also would open the door to far more
crimes.

Since law enforcement is understaffed already, the net end result
would be a combination of a lot more people hurt and fewer people
caught. Personally, I think more focus should be placed on prevention.

Would you agree to a process that would make it easier to catch a
criminal if that same process made it far more likely you'd be a
victim of a crime? What if I added the fact that the smart criminals
likely would figure out how to game the new process, and the dumb
criminals likely would get caught anyway (because they are dumb)?

I'll focus on that this week and close with my product of the week,
which once again is the BlackBerry Priv, because it may show Apple a
path out of this madness.

The Master Key/Backdoor Problem
===============================

There was a time when a lot of locks came with master keys. In fact,
hotels still use them to access rooms for cleaning and maintenance. In
the past, though, even some lines of home locks had master keys. The
problem was that any criminal who got hold of one had access to all of
the locks. Now, you can find lock sets that use the same key for
different locks in your home, but most of those that use a master key
have been purged out of the market, because they represent too high a
risk.

The comparable concept in technology is a "backdoor," or master
password. They have been known to exist in the past, but they
generally existed despite security protocols, not because of them.

Some programmer would slip a backdoor into a product either to make it
easier to do something to the product, or to play a prank, or for a
more nefarious reason. Backdoors typically were discovered as a result
of the programmer telling someone about it, as a result of some kind
of code review or audit, or as a result of an effort to correct a
problem or update the product.

Like a master key, a backdoor is really hard to keep secret
indefinitely; it can be passed down version to version until it's
eventually discovered. The only reason a backdoor stays secret for a
short time is that at the start, it's typically only the person who
put the backdoor in who knows about it.

However, for something that is to be used legitimately, a lot of folks
have to know about it -- which effectively bypasses whatever security
is in the product. In a world where a foreign government could
resource either buying or backward-engineering a secret backdoor,
creating one would be brain-dead stupid, and Tim Cook apparently
isn't.

The value of information on a backdoor into all iPhones -- essentially
a master key -- could be worth millions of dollars, making it nearly
impossible to protect.

Tactical vs. Strategic
======================

This is an ongoing problem -- not only with law enforcement, but with
management in general. There is a tendency to create a strategic
problem by thinking tactically. In this case, FBI officials need to
get into one phone. It is very important to them. However, creating a
backdoor would compromise some -- or possibly all -- iPhone users.

The investigators can't protect the iPhone users who then would be
open to attack, but they don't see that as a problem, because they
would not be held accountable for it, and they are missioned to gain
access to one particular phone.

If we went down a list of the folks who were most likely to be
compromised, it would include the First Family, many in Congress, and
likely not an insignificant number of FBI families. Yet this path
still appears reasonable to the FBI, because the folks who would
benefit would not be held accountable for the resulting problems.

Apple is on the other side. It won't sell more phones if that one
iPhone is compromised, but if all iPhones are made insecure as a
result, its sales will crater. Even if Apple destroyed the backdoor
after it was used and updated the phones so a similar process couldn't
work, it would have demonstrated it could do it, and that would open
it to similar requests from agencies all over the world.

That could cost the company millions in additional overhead. Further,
implementing a patching process just for law enforcement likely would
not only make the iPhone less reliable, but also pull critical
resources from competitive activities. Apple already is struggling to
maintain revenue and profit, and this controversy has the potential
to make that struggle impossible.

From the micro point of view, this makes sense to the FBI. However,
from the macro point of view, there is nothing potentially valuable
enough in that phone to justify putting so many families -- and Apple
itself -- at risk. Just like what happened after 9/11, the FBI's
investigation could end up doing more damage to the foundation of the
U.S. than the terrorists could hope to have done through their attack.

In effect, the U.S. law enforcement effort has become a force
multiplier for the terrorists, due to a persistent failure to think
strategically. Investigators don't balance the cost of the collateral
damage they could cause with the value of the information they are
likely to get.

Wrapping Up
===========

I mentioned 9/11 above. One of the most painful things to watch was
the response to 9/11. The reports indicated that three things needed
to be done. The policy of turning airplanes over to hijackers needed
to be rescinded (and was). Cockpit doors needed to be hardened (and
they were). Agencies that weren't communicating needed to communicate
(that has not been completed).

We so overreacted that we nearly put the airlines out of business. We
put in place X-ray machines, increasing cancer risk globally, and we
made air travel substantially more painful and costly. The cost of the
fix exceeded by a significant magnitude the exposure we were trying to
correct. In effect, the vast majority of the damage from 9/11 was done
by us to us because we couldn't balance cost and benefits.

That is also what is happening with Apple and the FBI. When law
enforcement starts to become the problem to be fixed, then another
path needs to be found. I should add that in this specific case, given
most think their business phones are monitored and the personal phones
of the terrorists were destroyed by them, there is a better than .8
probability that there is nothing of value in the San Bernardino
terrorists' iPhone anyway.

So, we are putting the most valuable company in the world at risk for
what likely would produce no benefit. Only a politician could work out
a rationale for doing that.
_______________________________________________

NOTE: As of July 10, the mailing list address HAS CHANGED from @linuxbox.org TO @lists.linuxbox.org. Please use the new 
address in all mail to the list.
_______________________________________________

Fun and Misc security discussion for OT posts.
http://lists.linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.